wget.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from mega.co.nz and multiple other hosts.
MD5:
bd126a7b59d5d1f97ba89a3e71425731

SHA-1:
457b1cd985ed07baffd8c66ff40e9c1b6da93753

SHA-256:
a48ad33695a44de887bba8f2f3174fd8fb01a46a19e3ec9078b0118647ccf599

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/19/2024 11:17:42 AM UTC

Scan engine: F-Secure
Detection: Win32.Ramnit.N
Engine version: 5.15.21

File size:
392 KB (401,408 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\temp\~\wget.exe

File PE Metadata
Compilation timestamp:
4/25/2009 7:09:05 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
7.10

CTPH (ssdeep):
6144:eoxkuaVJiysgokd+8L2LZ9aUedgk+TGk57rrpmNDEpO/YIPOWCiwYFnY:JxkJLiynXvqjggpl57rrpmNQp2YIGRY

Entry address:
0xED800

Entry point:
60, BE, 00, C0, 48, 00, 8D, BE, 00, 50, F7, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 19, 8B, 1E, 83, EE, FC, 11, DB, 72, 10, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 78, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11...
 

Entropy:
7.9230

Packer / compiler:
UPX 2.90 [LZMA]

Code size:
392 KB (401,408 bytes)

The file wget.exe has been discovered within the following programs.

AT&T Support Plus PC Maintenance Toolbox  by Sutherland Global Services Inc.
Publisher's description - “Get the PC support you need, right when you need it, right on your desktop. PC Maintenance Toolbox: Requires an active broadband Internet connection and a working/functional PC (XP or higher) with 500MB free HD space;.”
pctoolbox.att.com
69% remove it
tvdoofree.com
About 8% of users remove it
Joni Lphant  by JoniJnm.es
About 6% of users remove it
PURE Flow Server  by PURE Digital
About 8% of users remove it
SelectionLinks  by Objectify Media
SelectionLinks by Objectify Media is a web browser extension for Internet Explorer and Firefox.
www.selectionlinks.com
88% remove it
World of Warcraft  by Blizzard Entertainment
World of Warcraft is the fourth released game set in the fantasy Warcraft universe.
us.blizzard.com/support
8% remove it
 
Powered by Should I Remove It?

The file wget.exe has been seen being distributed by the following 23 URLs.


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to unallocated.barefruit.co.uk  (92.242.140.6:80)

TCP (HTTP):
Connects to 203.130.48.137-BJ-CNC  (203.130.48.137:80)

TCP (HTTP):
Connects to vip1.G-anycast1.cachefly.net  (205.234.175.175:80)

TCP (HTTP SSL):
Connects to eze03s06-in-f10.1e100.net  (173.194.42.42:443)

TCP (HTTP):
Connects to ec2-23-23-246-66.compute-1.amazonaws.com  (23.23.246.66:80)

TCP (HTTP):
Connects to chi14.stablehost.com  (184.154.45.210:80)
